Michael,
This is "backscatter spam". You're not compromised, no need to change
passwords, not a damn thing you can do about it except filter all
delivery failures to null (not always a good idea).
Backscatter spam results when a spammer sends out a mass emailing using
an address in your mail domain as the return-address of the spam email
message. A very large percentage of the target addresses will be bad,
which will result in delivery failure at the target mail server. Some
percentage of the mail admins for those servers will be ignorant slobs
stuck in the 1990s who fail to recognize that most return addresses on
spam are forged and instead of sending the incoming spam to null, they
configure their servers to send message failures, spam notifications and
virus notifications to the hapless forged return address owners,
resulting in much more work for conscientious admins such as ourselves.
Here's more info:
http://spamlinks.net/prevent-secure-backscatter.htm
And, if you're an Exchange admin, take steps to avoid contributing to
the backscatter problem yourself - Exchange sends NDRs ("non-delivery
reports") by default. Google for the method for your version of
Exchange.
Have a great day,
John
----- Original message -----
From: "Michael McWilliams" <mmcwilliams22@...>
To: vantage@yahoogroups.com
Date: Fri, 05 Sep 2008 16:23:02 -0000
Subject: [Vantage] [OT} User mail problem
I have a user that came in today with 1500 delivery failure messages
for email she did not send. They are all comming from outside the
network, I am guessing someone is sending spam using her email. She
is also getting emails with peoples name inside our company in the
title but from odd domains. I can't find any odd activity on our
network, could it be a customer or vendor is compromised? Any thoughts?
This is "backscatter spam". You're not compromised, no need to change
passwords, not a damn thing you can do about it except filter all
delivery failures to null (not always a good idea).
Backscatter spam results when a spammer sends out a mass emailing using
an address in your mail domain as the return-address of the spam email
message. A very large percentage of the target addresses will be bad,
which will result in delivery failure at the target mail server. Some
percentage of the mail admins for those servers will be ignorant slobs
stuck in the 1990s who fail to recognize that most return addresses on
spam are forged and instead of sending the incoming spam to null, they
configure their servers to send message failures, spam notifications and
virus notifications to the hapless forged return address owners,
resulting in much more work for conscientious admins such as ourselves.
Here's more info:
http://spamlinks.net/prevent-secure-backscatter.htm
And, if you're an Exchange admin, take steps to avoid contributing to
the backscatter problem yourself - Exchange sends NDRs ("non-delivery
reports") by default. Google for the method for your version of
Exchange.
Have a great day,
John
----- Original message -----
From: "Michael McWilliams" <mmcwilliams22@...>
To: vantage@yahoogroups.com
Date: Fri, 05 Sep 2008 16:23:02 -0000
Subject: [Vantage] [OT} User mail problem
I have a user that came in today with 1500 delivery failure messages
for email she did not send. They are all comming from outside the
network, I am guessing someone is sending spam using her email. She
is also getting emails with peoples name inside our company in the
title but from odd domains. I can't find any odd activity on our
network, could it be a customer or vendor is compromised? Any thoughts?